Skip to content

chore: update ws to 8.21.0, vitest to 4.1.8#90

Open
westurner wants to merge 3 commits into
mozilla:mainfrom
westurner:patch-1
Open

chore: update ws to 8.21.0, vitest to 4.1.8#90
westurner wants to merge 3 commits into
mozilla:mainfrom
westurner:patch-1

Conversation

@westurner

@westurner westurner commented May 29, 2026
edited
Loading

Copy link
Copy Markdown

Fixes this error message:

# npm audit report

ws  8.0.0 - 8.20.0
Severity: moderate
ws: Uninitialized memory disclosure - https://github.com/advisories/GHSA-58qx-3vcg-4xpx
No fix available
node_modules/@mozilla/firefox-devtools-mcp/node_modules/ws
  @mozilla/firefox-devtools-mcp  *
  Depends on vulnerable versions of ws
  node_modules/@mozilla/firefox-devtools-mcp

2 moderate severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.

@westurner westurner changed the title Update ws dependency version to 8.21.0 chore: update ws dependency version to 8.21.0 May 29, 2026
juliandescottes
juliandescottes requested changes Jun 1, 2026
View reviewed changes

@juliandescottes juliandescottes left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@westurner thanks for the PR, the CI job is failing, can you update package-lock.json as well? Thanks

@westurner
chore: Update ws dependency version to 8.21.0
62891b4 
Fixes this error message:
```

ws  8.0.0 - 8.20.0
Severity: moderate
ws: Uninitialized memory disclosure - GHSA-58qx-3vcg-4xpx
No fix available
node_modules/@mozilla/firefox-devtools-mcp/node_modules/ws
  @mozilla/firefox-devtools-mcp  *
  Depends on vulnerable versions of ws
  node_modules/@mozilla/firefox-devtools-mcp

2 moderate severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.
```
@westurner

westurner commented Jun 4, 2026

Copy link
Copy Markdown
Author

@juliandescottes updated package-lock.json. And then npm audit fix --force

@westurner westurner changed the title chore: update ws dependency version to 8.21.0 chore: update ws to 8.21.0, vitest to 4.1.0 Jun 4, 2026
@westurner westurner changed the title chore: update ws to 8.21.0, vitest to 4.1.0 chore: update ws to 8.21.0, vitest to 4.1.8 Jun 4, 2026
juliandescottes
juliandescottes requested changes Jun 4, 2026
View reviewed changes

@juliandescottes juliandescottes left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, can you remove the carets from the versions?

Comment thread package.json Outdated
Comment thread package.json Outdated
@westurner

westurner commented Jun 5, 2026
edited
Loading

Copy link
Copy Markdown
Author

Someday also:

@juliandescottes juliandescottes self-requested a review June 9, 2026 08:13
@juliandescottes

juliandescottes commented Jun 9, 2026

Copy link
Copy Markdown
Collaborator

Someday also:

* Create an AGENTS.md and

There is one already, but yes it could mention the policy about version numbers.

The tests are failing, I guess it's because of the vitest update, can you take a look?

@juliandescottes

juliandescottes commented Jun 9, 2026

Copy link
Copy Markdown
Collaborator

Had a quick look, should just require to migrate mocks in core-prefs.test.ts (https://github.com/mozilla/firefox-devtools-mcp/blob/main/tests/firefox/core-prefs.test.ts#L25-L50) and core.test.ts (https://github.com/mozilla/firefox-devtools-mcp/blob/main/tests/firefox/core.test.ts#L95-L118) to use classes for Options, ServiceBuilder and Builder.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@juliandescottes juliandescottes Awaiting requested review from juliandescottes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@westurner @juliandescottes